Untriaged
Permalink
CVE-2026-42014
6.6 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Local (L)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): Low (L)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): Low (L)
- Integrity (I): Low (L)
- Availability (A): High (H)
- Modified Attack Vector (MAV): Local (L)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): Low (L)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): Low (L)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): Low (L)
- Modified Availability (MA): High (H)
Activity log
- Created suggestion
Gnutls: fix use-after-free in gnutls_pkcs11_token_set_pin
A flaw was found in GnuTLS. The `gnutls_pkcs11_token_set_pin` function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path.
References
Affected products
rhcos
gnutls
- *
rhui5/cds-rhel9
- *
rhui5/rhua-rhel9
- *
rhui5/haproxy-rhel9
- *
rhui5/installer-rhel9
- *
Matching in nixpkgs
pkgs.gnutls
GNU Transport Layer Security Library
pkgs.guile-gnutls
Guile bindings for GnuTLS library
pkgs.python312Packages.python3-gnutls
None
pkgs.python313Packages.python3-gnutls
Python wrapper for the GnuTLS library
Package maintainers
-
@vcunat Vladimír Čunát <v@cunat.cz>
-
@charlieshanley Charlie Hanley <charlieshanley@gmail.com>